
Commit ebc962d0 authored by bhearn7's avatar bhearn7

update flow

parent 65d8d676
Pipeline #440838 passed with stages
in 3 minutes and 17 seconds
...@@ -59,9 +59,7 @@ data: ...@@ -59,9 +59,7 @@ data:
# Locations for keys used for signing and encryption. Only one of 'secret' or 'public_key_path'/'private_key_path' needs to be set. If all are set then the keys take precedence over the secret value # Locations for keys used for signing and encryption. Only one of 'secret' or 'public_key_path'/'private_key_path' needs to be set. If all are set then the keys take precedence over the secret value
# Secret is for a shared secret and if set, all components in anchore should have the exact same value in their configs. # Secret is for a shared secret and if set, all components in anchore should have the exact same value in their configs.
keys: keys:
{{- $anchorefullname := include "anchore-engine.fullname" . -}} {{- if or .Values.anchoreGlobal.saml.secret .Values.anchoreGlobal.saml.useExistingSecret .Values.anchoreGlobal.oauthEnabled }}
{{- $old_secret := lookup "v1" "Secret" .Release.Namespace $anchorefullname }}
{{- if or .Values.anchoreGlobal.saml.secret .Values.anchoreGlobal.saml.useExistingSecret .Values.anchoreGlobal.oauthEnabled $old_secret }}
secret: ${ANCHORE_SAML_SECRET} secret: ${ANCHORE_SAML_SECRET}
{{- end }} {{- end }}
{{- with .Values.anchoreGlobal.saml.publicKeyName }} {{- with .Values.anchoreGlobal.saml.publicKeyName }}
......
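Review bot: The `or` over `saml.secret`, `saml.useExistingSecret` and `oauthEnabled` that gates `secret: ${ANCHORE_SAML_SECRET}` is repeated verbatim here and in the hunks at `@@ -41,9 +41,7 @@` and `@@ -35,9 +35,7 @@`, and nothing says why the reference is conditional. A template comment above the `if`, such as `{{- /* reference the shared secret only when SAML or OAuth is configured */}}`, would record the intent, and moving the condition into one named template would keep the three copies from drifting apart. With `$old_secret` dropped from the condition, an upgraded release that sets none of the three values no longer renders `secret:` at all, while the Secret template hunks still define `ANCHORE_SAML_SECRET` in every branch; that looks intended but is worth confirming. The `keys:` block continues outside the hunk.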
...@@ -16,8 +16,10 @@ stringData: ...@@ -16,8 +16,10 @@ stringData:
ANCHORE_DB_PASSWORD: {{ index .Values "postgresql" "postgresPassword" | quote }} ANCHORE_DB_PASSWORD: {{ index .Values "postgresql" "postgresPassword" | quote }}
{{- $anchorefullname := include "anchore-engine.fullname" . -}} {{- $anchorefullname := include "anchore-engine.fullname" . -}}
{{- $old_secret := lookup "v1" "Secret" .Release.Namespace $anchorefullname }} {{- $old_secret := lookup "v1" "Secret" .Release.Namespace $anchorefullname }}
{{- if or (not $old_secret) (not $old_secret.data) }} {{- if .Values.anchoreGlobal.saml.secret }}
ANCHORE_SAML_SECRET: {{ .Values.anchoreGlobal.saml.secret | default (randAlphaNum 12) | quote }} ANCHORE_SAML_SECRET: {{ .Values.anchoreGlobal.saml.secret }}
{{- else if or (not $old_secret) (not $old_secret.data) }}
ANCHORE_SAML_SECRET: {{ (randAlphaNum 12) | quote }}
{{ else }} {{ else }}
ANCHORE_SAML_SECRET: {{ b64dec (index $old_secret.data "ANCHORE_SAML_SECRET") }} ANCHORE_SAML_SECRET: {{ b64dec (index $old_secret.data "ANCHORE_SAML_SECRET") }}
{{- end }} {{- end }}
......
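Review bot: The new first branch renders `.Values.anchoreGlobal.saml.secret` without the `| quote` that the removed line had, so under `stringData` a value that is all digits, reads as a boolean, or contains ` #` or `: ` is retyped, truncated or rejected instead of being stored as the string the user supplied. The line should read `ANCHORE_SAML_SECRET: {{ .Values.anchoreGlobal.saml.secret | quote }}`, and the reuse branch has the same exposure and would be safer as `{{ b64dec (index $old_secret.data "ANCHORE_SAML_SECRET") | quote }}`. The generated fallback is `randAlphaNum 12`, which is short for a secret shared by every component for signing; a longer value such as `randAlphaNum 32` costs nothing. The same lines appear in the hunk at `@@ -17,8 +17,10 @@`.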
...@@ -41,9 +41,7 @@ data: ...@@ -41,9 +41,7 @@ data:
# Locations for keys used for signing and encryption. Only one of 'secret' or 'public_key_path'/'private_key_path' needs to be set. If all are set then the keys take precedence over the secret value # Locations for keys used for signing and encryption. Only one of 'secret' or 'public_key_path'/'private_key_path' needs to be set. If all are set then the keys take precedence over the secret value
# Secret is for a shared secret and if set, all components in anchore should have the exact same value in their configs. # Secret is for a shared secret and if set, all components in anchore should have the exact same value in their configs.
keys: keys:
{{- $anchorefullname := include "anchore-engine.fullname" . -}} {{- if or .Values.anchoreGlobal.saml.secret .Values.anchoreGlobal.saml.useExistingSecret .Values.anchoreGlobal.oauthEnabled }}
{{- $old_secret := lookup "v1" "Secret" .Release.Namespace $anchorefullname }}
{{- if or .Values.anchoreGlobal.saml.secret .Values.anchoreGlobal.saml.useExistingSecret .Values.anchoreGlobal.oauthEnabled $old_secret }}
secret: ${ANCHORE_SAML_SECRET} secret: ${ANCHORE_SAML_SECRET}
{{- end }} {{- end }}
{{- with .Values.anchoreGlobal.saml.publicKeyName }} {{- with .Values.anchoreGlobal.saml.publicKeyName }}
......
...@@ -35,9 +35,7 @@ data: ...@@ -35,9 +35,7 @@ data:
# Locations for keys used for signing and encryption. Only one of 'secret' or 'public_key_path'/'private_key_path' needs to be set. If all are set then the keys take precedence over the secret value # Locations for keys used for signing and encryption. Only one of 'secret' or 'public_key_path'/'private_key_path' needs to be set. If all are set then the keys take precedence over the secret value
# Secret is for a shared secret and if set, all components in anchore should have the exact same value in their configs. # Secret is for a shared secret and if set, all components in anchore should have the exact same value in their configs.
keys: keys:
{{- $anchorefullname := include "anchore-engine.fullname" . -}} {{- if or .Values.anchoreGlobal.saml.secret .Values.anchoreGlobal.saml.useExistingSecret .Values.anchoreGlobal.oauthEnabled }}
{{- $old_secret := lookup "v1" "Secret" .Release.Namespace $anchorefullname }}
{{- if or .Values.anchoreGlobal.saml.secret .Values.anchoreGlobal.saml.useExistingSecret .Values.anchoreGlobal.oauthEnabled $old_secret }}
secret: ${ANCHORE_SAML_SECRET} secret: ${ANCHORE_SAML_SECRET}
{{- end }} {{- end }}
{{- with .Values.anchoreGlobal.saml.publicKeyName }} {{- with .Values.anchoreGlobal.saml.publicKeyName }}
......
...@@ -17,8 +17,10 @@ stringData: ...@@ -17,8 +17,10 @@ stringData:
ANCHORE_FEEDS_DB_PASSWORD: {{ index .Values "anchore-feeds-db" "postgresPassword" | quote }} ANCHORE_FEEDS_DB_PASSWORD: {{ index .Values "anchore-feeds-db" "postgresPassword" | quote }}
{{- $anchorefullname := include "anchore-engine.fullname" . -}} {{- $anchorefullname := include "anchore-engine.fullname" . -}}
{{- $old_secret := lookup "v1" "Secret" .Release.Namespace $anchorefullname }} {{- $old_secret := lookup "v1" "Secret" .Release.Namespace $anchorefullname }}
{{- if or (not $old_secret) (not $old_secret.data) }} {{- if .Values.anchoreGlobal.saml.secret }}
ANCHORE_SAML_SECRET: {{ .Values.anchoreGlobal.saml.secret | default (randAlphaNum 12) | quote }} ANCHORE_SAML_SECRET: {{ .Values.anchoreGlobal.saml.secret }}
{{- else if or (not $old_secret) (not $old_secret.data) }}
ANCHORE_SAML_SECRET: {{ (randAlphaNum 12) | quote }}
{{ else }} {{ else }}
ANCHORE_SAML_SECRET: {{ b64dec (index $old_secret.data "ANCHORE_SAML_SECRET") }} ANCHORE_SAML_SECRET: {{ b64dec (index $old_secret.data "ANCHORE_SAML_SECRET") }}
{{- end }} {{- end }}
......
...@@ -225,10 +225,12 @@ To resolve an issue where Anchore would redeploy after every update, `./chart/te ...@@ -225,10 +225,12 @@ To resolve an issue where Anchore would redeploy after every update, `./chart/te
```yaml ```yaml
{{- $anchorefullname := include "anchore-engine.fullname" . -}} {{- $anchorefullname := include "anchore-engine.fullname" . -}}
{{- $old_secret := lookup "v1" "Secret" .Release.Namespace $anchorefullname }} {{- $old_secret := lookup "v1" "Secret" .Release.Namespace $anchorefullname }}
{{- if or (not $old_secret) (not $old_secret.data) }} {{- if .Values.anchoreGlobal.saml.secret }}
ANCHORE_SAML_SECRET: {{ .Values.anchoreGlobal.saml.secret | default (randAlphaNum 12) | quote }} ANCHORE_SAML_SECRET: {{ .Values.anchoreGlobal.saml.secret }}
{{- else if or (not $old_secret) (not $old_secret.data) }}
ANCHORE_SAML_SECRET: {{ (randAlphaNum 12) | quote }}
{{ else }} {{ else }}
ANCHORE_SAML_SECRET: {{ index $old_secret.data "ANCHORE_SAML_SECRET" }} ANCHORE_SAML_SECRET: {{ b64dec (index $old_secret.data "ANCHORE_SAML_SECRET") }}
{{- end }} {{- end }}
``` ```
...@@ -236,11 +238,7 @@ Additionally, `./chart/templates/engine_configmap.yaml`, `./chart/templates/ente ...@@ -236,11 +238,7 @@ Additionally, `./chart/templates/engine_configmap.yaml`, `./chart/templates/ente
```yaml ```yaml
keys: keys:
{{- $anchorefullname := include "anchore-engine.fullname" . -}} {{- if or .Values.anchoreGlobal.saml.secret .Values.anchoreGlobal.saml.useExistingSecret .Values.anchoreGlobal.oauthEnabled }}
{{- $old_secret := lookup "v1" "Secret" .Release.Namespace $anchorefullname }}
{{- if or .Values.anchoreGlobal.saml.secret .Values.anchoreGlobal.saml.useExistingSecret .Values.anchoreGlobal.oauthEnabled $old_secret }}
secret: ${ANCHORE_SAML_SECRET} secret: ${ANCHORE_SAML_SECRET}
{{- end }} {{- end }}
``` ```
\ No newline at end of file
If you want to change your `ANCHORE_SAML_SECRET` value, remember to delete the previous 2 secrets so the value is not reused.
\ No newline at end of file